In terms of efficiently using your copious free time, there are better resources that are specifically tailored to cybersecurity as a software engineering practice. For example, if your day job is working on backends for web applications, this is a great book that I keep on my bookshelf: https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
Security+ won't hurt, but it's not focused on how to write secure backend code; it's focused on how to secure a company's IT systems. If you were on an infrastructure or DevOps team as opposed to backend, it might be more relevant.
I'm learning web hacking. You don't need to know how to make a website to do web hacking (though it's recommended). You do need some fundamentals like the basics of networking, HTML and how a website works. I learned (still learning) through reading books and CTFs. I recommend reading the Web Application Hacker's Handbook. https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470/ref=mp_s_a_1_1?dchild=1&keywords=the+web+application+hacker%27s+handbook&qid=1617744793&sprefix=the+web+application&sr=8-1
And read about the OWASP Top 10 vulnerabilities in web applications.
Also HackerOne, a bug bounty platform, has CTFs about web hacking that can teach you the basics. There are other sites like HackThisSite, HackTheBox, and TryHackMe that provide web CTFs to practice web hacking.
I'd recommend reading this:
Pdf available online.
It's not meant for QAs directly, but I think it's a very important skill to understand how things work and to be able to find the root cause of bugs.
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws https://www.amazon.com/dp/1118026470/ref=cm_sw_r_cp_api_i_zPGMFbG4F69BB
Try this book for OSWE. I wouldn’t call it a prerequisite but the more skills you have going in the easier it is. If you developed a good workflow, methodology, and try harder attitude you’ll be fine.
Sorry bud, I misread your original post. You don't want to work for a pentest company full time; you just want to contract for companies like Synack and do bug bounties for them at your convenience. I think you should focus on web apps. Keep doing what you're doing, but check out the Web Application Hacker's Handbook and all their labs.
So let's see, resources
For Web App Hacking
For everything else, for all of the prerequisite knowledge, I would start with TheCyberMentor on YouTube.
Unfortunately I don't have a lot of experience in training new people up. When I started, it was the WAHH. There may be something better out there now. I'm not really sure. Like a lot of work in technology, you'll learn as you go and will need to find ways to keep up with the evolving tech. Good luck!
Yes, here's the book (https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470). The key with web application security, the one main rule is, never trust anything the user sends you. That means, you can do a lot (almost everything) just manipulating HTTP requests, which usually requires only minimal HTML/CSS knowledge.
Without understanding some HTML/CSS/JS, you may have a hard time getting XSS to pop; without knowing some XML, you might have trouble understanding things like XXE; and without understanding SQL, you might have issues with SQLi. BUT, there are a lot of things you can start doing without that.
In general though, you can do a lot by just learning how to proxy requests with Burp and setting up a vulnerable web app. If you're trying to learn and gain fluency in HTML/CSS, you're going to be doing a lot of unnecessary work. It's good to understand how these work, but you'll pick up most of what you need as you research and learn about specific vulnerabilities.
Yup, still checking these out. I'd recommend you read only the 2nd book (as it's more up-to-date) and if you are a web developer, an old but great book is "The Web Application Hacker's Handbook" http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470.
There are a ton of great resources out there, but it's all about which security niche area you want to go into. For example, malware reversing, forensics, pentesting, Metasploit, mobile, low level (like the Shellcoder's Handbook), etc. If you are looking for more general books on hacking, the Hacking Exposed series also has a good grasp on the basics. Let me know if that helps!
For more thorough testing, I highly recommend this book:
This has over 900 pages of neatly categorized attacks.
If you want to learn I highly recommend Web Application Hacker's Handbook. I went from very little knowledge of web apps to submitting my first discovered vuln to Secunia within a month of starting to look into it.
In my opinion; every book in this bundle is a bag of shit.
Here's a list of reputable books, again in my opinion (All links are Non-Affiliate Links):
The Web Hackers Handbook (Link)
Network Security Assessment (Link)
Please Note: The examples in the book are dated (even though it's been updated to v3), but this book is the best for learning Infrastructure Testing Methodology.
Hacking: The Art of Exploitation (Link)
Grey Hat Hacking (Link)
Hacking Exposed: Linux (I don't have a link to a specific book as there are many editions / revisions for this book. Please read the reviews for the edition you want to purchase)
I recommend the online course "Metasploit Unleashed" (Link) as opposed to buying the book (Link).
The man pages. The book (Link) is a great reference and looks great on the bookshelf. The reality is, using Nmap is like baking a cake. There are too many variables involved in running the perfect portscan, every environment is different and as such will require tweaking to run efficiently.
Practical Malware Analysis (Link)
The book is old, but the methodology is rock solid.
Programming / Scripting:
Python: Automate the Boring Stuff (Link)
Hope that helps.
While Metasploit is a good tool, I would advise you to stray away from it until you learn. (I’m ignoring the fact that you rarely use Metasploit for web penetration testing in the real world anyways...)
You can carry out most of web penetration testing with just a few tools like Burp Suite (this is the main one), a directory bruteforcer (gobuster, dirbuster, dirb, wfuzz...) and Nmap. These 3 tools should give you an initial idea about the web application and its structure. Then it boils down to your enumeration and ability to spot weird or possibly vulnerable behavior. What is considered "weird" or "vulnerable" behavior? According to OWASP, countless things. They made a whole web penetration testing guide for that reason; you can find it here: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents.
Alternatively, this book (https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470) covers web based exploitation in great depths and I highly recommend you obtain it. It was one of my first books ever and is definitely among my favorites.
Other useful resources:
Yes, there are other very specific tools which come in handy such as wpscan or sqlmap. While I don’t mind wpscan that much, I strongly believe one should be able to do a manual sql injection before using sqlmap (therefore avoid sqlmap when learning). This way you understand what is happening behind the green terminal ;).
PS: Sorry for formatting, typed this up on a phone. I’m also pretty tired so please excuse my janky grammar!
Would recommend reading this book - https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
Get your hands on a copy of The Web Application Hacker's Handbook, Chapter 21. Step by step breakdown so you don't forget anything.
Textbook recommendations are:
but hands-on practice with TryHackMe is probably a better starting point. Followed maybe by books then HTB. EJPT is potentially good after that but depends on how strong you are feeling doing HTB. It is certainly easier but might be an extraneous intermediate step.
Since you're interested in pen testing I recommend https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470. This is the precursor to PortSwigger's new free online hacking academy (https://portswigger.net/web-security). The Web App Hacker's Handbook is the web pen testing bible though. Read it cover to back. Then come back to it as a reference for all future testing.
Both have their own job market although exploit development and threat intelligence are more of a niche and arguably harder to get into (maybe harder to become skilled at may be the better term) than web security.
The short answer is it really just depends what you are most interested in.
Experience and credibility within a domain are just as important (likely more) than certifications but if you’re interested in certs each field has certs related to them so I wouldn’t let that deter you.
Exploit development: https://www.offensive-security.com/awe-osee/
General pentesting: https://www.offensive-security.com/pwk-oscp/
The question likely boils down to what are you interested in.
Here are some resources that may help you determine what you’re more interested in.
Also may want to look at the following book https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
Exploit Dev/ RE: (disclaimer: be careful) https://malwareunicorn.org/#/
PortSwigger web academy is a great place to start. This is also a great resource: https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
A recruiter at gave me this book to read: https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
No one is born knowing how to do CTFs or hack things. CTFs and hacking, like literally anything else, require the application of accumulated knowledge. If you haven't taught yourself the required knowledge yet, it's only natural that you are not going to be able to do a CTF.
As a soon-to-be college graduate, surely you realize that's how learning any subject works...? Like, that you would also fail "even the most basic calculus exam" or "even the most basic chemistry exam" if you had never devoted any specific effort to learning calculus or chemistry? You thought you'd just sit down in front of a CTF and be able to magically intuit how to hack? No offense, but, really?
First pentesting lessons: learn how to be your own teacher and design your own curriculum, learn how to perform self-guided research, learn how to apply basic analytical thought, don't give up.
If you can't even Google hard enough or articulately enough to find resources like this or this or this or this--resources which plainly describe many of the skills you'll need and teach you how to attain them--then indeed, you have a ways to go, but that doesn't mean you can't do it.
Overall it seems you have a solid understanding of the basics, so I won't provide too much information for beginners, but for anyone wanting to get into security I usually recommend starting off with [Professor Messer's Security+ Course](https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/sy0-601-comptia-security-plus-course/) as it will provide a lot of the fundamentals and basic knowledge you need to get anywhere in security - not just about web application stuff, but it also provides fundamentals on network security and general security concepts.
From there if you are interested in Web Security I would highly recommend starting off with HackerOne's [Hacker101's](https://www.hacker101.com/) free courses and CTF to learn the basics of XSS, CSRF, SSRF, etc.
After you get the hang of that I suggest you pick up [The Web Application Hacker's Handbook](https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470) and play around with the [Pentesterlab Bootcamp](https://pentesterlab.com/bootcamp) modules to get a deeper and much more formal understanding of finding, exploiting and fixing web application vulnerabilities - as these will take you deeper into understanding the code, how to spot vulnerable code, and what you need to do to fix the vulnerabilities.
From there you should have a decent enough understanding where you can then start digging into much more complex bugs. To learn about those I usually suggest reading and understanding Bug Bounties or Blogs on web app security from the following sources:
Hope this helps!
For CTFs:
https://picoctf.org/ (very simple)
https://tryhackme.com/ (more "guided" than Hack The Box)
As for Hack The Box, I strongly recommend "attending" the academy:
Quite a few "modules" can be done for free; for others you have to pay a little (money very well spent, by the way).
For web application security, I think this is a must:
In Italian, there are these guidelines:
And I'd tell you not to dismiss some YouTube channels for approaching the subject:
Here are some links that were given to me when I was getting started:
Complete all these courses:
Depending on your skill level, start with either the Pre Security or Complete Beginner learning paths.
A lot of jobs right now are looking for Web App experience, so after you’ve finished all of the Codecademy courses above (or done the equivalent elsewhere) I would start looking for resources specific to Web App Hacking:
I'd recommend the Webapp Hackers Handbook to start.
Hands-On (Sandbox) Experience
The labs from Portswigger’s Web Security Academy have several exercises for each vulnerability category (XSS, SQLi, Authentication bugs, etc). WSA also has the benefit of tracking your progress throughout the labs, giving you a ‘scoreboard’ of progress to share in interviews.
Once you have the book and labs, you'll need to get relevant tools. While it's a common route to download Kali Linux and try dozens of tools, I'd recommend starting by downloading Burpsuite (Community) and getting very familiar with that. Burp is the 'swiss army knife' of webapp pentesting and will be the one tool you'll use every day. You’ll need to know more than just Burp but being able to claim competency with Burp will definitely help.
You could spend weeks or months just going through these tools (and it would take you a long way!) but real-world experience is often where budding pentesters struggle in getting their foot in the door.
When you start getting comfortable with the above, sign up for bug bounties (HackerOne, Bugcrowd, Intigriti, etc) and try finding vulnerabilities in real-world applications. Start off with smaller/newer bounties which don't offer financial rewards (VDP, Vulnerability Disclosure Programs) -- there will be many fewer eyes on those bounties, and they give you a better chance at early wins.
As you start building your bug collection, add your HackerOne or Bug Crowd profile to your resume and mention the bugs you’ve found in the relevant section.
Even a few of these real vulnerabilities will be a gold star as you break into the industry.
After you have a good handle on Web App pentesting, I would recommend looking into Mobile. This is harder to get into because there aren’t many tools and training grounds available but I believe this is where the industry will be looking in the next 5 years. But this should definitely come after learning Web Apps, Active Directory, and other necessary skills.
The best advice I can give though, is to look at the job postings and work on the skills listed. Then when you have some knowledge, start applying and take notes as you get beat up in the interviews. Figure out what you still don't know and concentrate on the topics you get hammered with in the interviews. And lastly, don't get discouraged. The interview process is a learning experience just like any other. The worse the interview goes, the more opportunity you have to learn from it.
Web App vulnerability assessment is a pretty broad topic so it might help to know what you're studying or what made you think about Web App security in the first place.
Regardless, I would start with OWASP and their top ten list to see if anything interests you. If you're interested in WAF research, 0xInfection did some wonderful work you can read here.
Without knowing more I can only recommend general sources on the topic:
Research Tools (Vulnerability Scanners)
I hope this helps. Let me know if you have any questions or need resources for something more specific. Good luck!
Right now a lot of jobs are looking for Web App experience.
OWASP juice shop is a great way to learn common security flaws that can be exploited!
If you’re looking for a book, the web application hackers handbook is great - it covers tons of web exploits that can be used for pen testing.
Web development has many aspects.
Server side/database: usually backend processes that take a request from an API call or front end, and frequently work with databases to return responses. Therefore, SQL is good to learn since some exploits (like SQL injection) rely heavily on it.
You may also want to learn Python if you’re starting out with coding.
For all their courses, check out:
Pick up the web application hackers handbook - I'm sure a PDF can be found in the right places (but support the authors once you are making money and buy a copy). Portswigger also has the Web Security Academy, which is free.
I recommend getting The Web Hacker's Handbook, which is a bit costly but worth it. You can also get it for free if you find a PDF file on the internet, but it is illegal. Do it at your own risk.
Other free sites I use are:
There are many other resources online like DVWA and YouTube.
I've never done bug bounty myself, but I have friends that do.
There's a long list of resources, CTFs, tutorials, etc etc etc.
One of the best Discord communities I've found is Dead Pixel Sec, where experts will sit down with new people and help with any concept.
Everyone keeps telling me to pick up the Web App Hacker's Handbook.
You also have the huge number of different learning platforms like HackerOne, OWASP, PortSwigger Academy, Bugcrowd University, each with CTFs and/or videos.
There are also YouTubers like STOK, DC CyberSec, The Cyber Mentor, NahamSec, Cristi Vlad and so on, just to name a few.
If you still feel like you need to learn more, or need more training, there are certs and experts all over; try reaching out on Twitter, Discord, Twitch, etc. You'll be amazed how friendly the infosec community can be.
Web security: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws https://www.amazon.com/dp/1118026470/ref=cm_sw_r_cp_api_i_x1tdFbGC2RH3535
Network: Computer Networking: A Top-Down Approach (7th Edition) https://www.amazon.com/dp/0133594149/ref=cm_sw_r_cp_api_i_eGudFb1QJVWK2
Low level binary analysis: Hacking: The Art of Exploitation, 2nd Edition https://www.amazon.com/dp/1593271441/ref=cm_sw_r_cp_api_i_PGudFbKJBVM0B
Malware analysis: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software https://www.amazon.com/dp/1593272901/ref=cm_sw_r_cp_api_i_lHudFb3ADZVZ5
The code book (this is my personal favorite it’s not technical but helps with analytical thinking) The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography https://www.amazon.com/dp/0385495323/ref=cm_sw_r_cp_api_i_9HudFbVZF2PQG
Database management: Database Systems: The Complete Book (2nd Edition) https://www.amazon.com/dp/0131873253/ref=cm_sw_r_cp_api_i_0JudFbB076A0W
Hackers (an anthology of hackers through time and the mind set) Hackers: Heroes of the Computer Revolution https://www.amazon.com/dp/0385191952/ref=cm_sw_r_cp_api_i_PKudFb3A6KER8
Here are books I liked; hopefully they help you.
Next spring, plan on taking the Cyber Challenge in order to try to get an invitation to one of the Cyber Camps. I went to one a couple years ago and the amount of knowledge you learn is incredible.
Also, buy this book (buy the physical book, not just an e-book) and study it thoroughly. This is the bible.
side note... even if you delete the original post, the replies you've posted are still visible in your profile.
I see this book recommended a good bit: https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470
For the price I think it is a decent resource.
For playing around you can also use https://hack.me - there are a few good challenges on there.
Or look into SANS training.
I'm surprised no one recommended WAHH
Senior Security Engineer
Hi, I'm Kevin Hock and I work on the DataDog security team.
We are looking for some talented security engineers to join our security team here in NYC.
How Do I Apply
Send me an email with your resume and GitHub at
What you will do
Who you should be
Sample interview questions
Hat tip to chrisrohlf at Square, also on this Q1 thread. Random other places you can apply in nyc: Blink Health, MongoDB, Spotify, Jane Street, 2 Sigma, Greenhouse.
I personally applied because I love Python but I like the company a lot so far.
Do the Cyber Challenge next spring, hope to be selected to attend a Cyber Camp next summer. At the end of the week of seminars, there is a job fair.
Hat tip to Levi at SquareSpace, also on this thread, he is an awesome person to work with. David Wong, a crypto king of NCC, on this very Q4 thread, is also a great person to work with in Chicago.
~~If you're looking to break stuff more than build stuff hat tip to Chris Rohlf's Yahoo! team.~~
Random other places you can apply in nyc: MongoDB, Jane Street, 2 sigma, greenhouse.
Senior Application Security Engineer
Hat tip to Levi at SquareSpace, also on this thread, he is an awesome person to work with.
If you're looking to break stuff more than build stuff hat tip to Chris Rohlf's Yahoo! team.
Since this is the subreddit for DFIR, that's what you're going to end up with as far as suggestions go. For pentesting stuff, checkout:
-Web Application Hacker's Handbook: https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 (this has some labs, but just reading through the various weaknesses in WebApps will be a great start)
-The Hacker Playbook: https://www.amazon.com/dp/1512214566/ref=pd_lpo_sbs_dp_ss_1?pf_rd_p=1944687742&pf_rd_s=lpo-top-stripe-1&pf_rd_t=201&pf_rd_i=1118026470&pf_rd_m=ATVPDKIKX0DER&pf_rd_r=1NSA1RZZ3WQTP374S9WK
-Red Team Field Manual: https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=pd_bxgy_14_img_2?ie=UTF8&psc=1&refRID=S7FG8F9TCMZMM9HVX2TN
Those two are good general pentesting books. You might also try /r/AskNetsec for other suggestions.
There's The Web Application Hackers Handbook.
PentesterLab Bootcamp is another solid resource.
If you really want to get into Network Security/Pen Testing, then I second /u/snowpetrel's recommendation for OSCP. I got mine late last year, learned a ton, and it even helped me get a new position!
The knowledge you receive will be much more useful than CCNA/CCNP. Additionally, the industry recognition is huge, and it is held in a bit of a higher regard (at least in the pen-testing field).
In the meantime, I highly recommend some self study, or just jumping right in to the OSCP.
If you learn better from books, you cannot go wrong with some/all of the following:
Practice wise, you could also look into the vulnerable VMs or applications such as these:
I'm personally fairly partial to downloading a random VM off of https://www.vulnhub.com/ and trying to do it without looking at any walkthroughs etc.
If you might learn better from other people, you can also try your hand at some CTFs with the Reddit OpenToAll team. I have only done two so far, but it is a good group of people that are more concerned with learning and having fun than winning.
Other than that, if you learn best from actual guided instruction, then either Cybrary/OpenSecurityTraining, something like Pentester Academy/SecurityTube, or more specific instruction such as Corelan's exploit development series.
eLearnSecurity is definitely another option though, and I actually got my eCPPT before my OSCP. That said, it is a bit less recognized, and if you are already planning on getting your OSCP I might skip that one. I'm personally thinking about getting their 4 in a box bundle for WAPT, WAPX, MAPT, and CRE. They have a nice learning platform, and fairly decent pricing/customer service.
Learn to use Linux. Read this: http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470
Also this: (some people think this is slightly skiddy but good intro)
1) CS would be the obvious choice, but you have to look at the courses required/electives offered for each major. You're going to want to have courses in assembly programming, networking, security, and web development at a minimum.
2-5) What Lamat said.
A good book to study from is The Web Application Hackers Handbook.
Also, prepare for and take the US Cyber Challenge. You don't have to ace it, but if you do decently well (60-70%) you will likely receive an offer to attend a Cyber Camp this summer... this is a week-long series of seminars about all sorts of security topics, with a job fair at the end. It is probably the very best chance you have of getting into an entry-level technical (i.e. malware analysis, memory forensics) type security job/internship.
Typically, the challenge will require you to use Wireshark to analyze a file of captured network packets. You will analyze the packets to determine whether an attack occurred (from & to IPs, time, what attack method was used.... this is where the handbook I mentioned above will prepare you).
After you've done your analysis (and taken LOTS of notes), you take the test.... it's 24 multiple choice questions such as: What is the IP of the hacker who stole John Smith's bank password? What attack was used from 192.168.21.5 on Mar 10? etc.
When I did the analysis a couple years ago, I had a pad of paper and just went through the whole file writing down the packet number, timestamp, relevant IPs, relevant data (usernames), and what I thought was occurring. So when I took the test, when it asked those questions, I could check my notes to find the corresponding event.
I think I got around a 70% in 20 minutes. Which didn't even put me on the top 100 scoreboard (those spots will be taken by people with 100% in 20 seconds scores). But I still was offered a spot at the cyber camp.
I've recently focused my efforts on transitioning from a web app developer to a penetration tester. There are a lot of tools that do similar things, but there are also a lot of tools that do unique scans and checks. CEH is not a great resource or certification. If you want an overview of pentesting in an educational setting, Penetration Testing with Kali (https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/) is an awesome course and certification.
If you are more interested in web app pentesting, start looking at OWASP (which is where WebGoat comes from).
The book The Web Application Hacker's Handbook (http://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470/ref=sr_1_1?ie=UTF8&qid=1456009501&sr=8-1&keywords=web+application+hackers+handbook) is a great book. One of the authors is the creator of the Burp Suite tool, which is a must when doing web app pentesting.
There are a lot of resources and it can be overwhelming. Do you know anyone in pentesting you could talk to/work with? The best thing, in my experience, is to play with different tools and resources to see what you like best.
Security CTF's are another good way to get introduced to multiple types of pentesting.
I would recommend reading:
and looking at CTF challenges focused on web over at CTFTime.org
http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470. Currently I am reading this book and I highly recommend reading it before jumping into XSS cheat sheets. It does cover the XSS vulnerability in detail.
Since you are already a web developer, perhaps have a look at the sites you have created previously and audit them?
There are lots of bug bounty programs, where you can get exposure/experience to real world sites, and their issues.
The Web Application Hacker's Handbook
Web Application Obfuscation
The Tangled Web
SQL Injection Attacks and Defense
This book is definitely what you're looking for; it talks about EVERYTHING in web security.
[BOOK]The Web Application Hacker's Handbook 2nd Edition